Apache Tomcat 7.x < 7.0.28 Multiple Vulnerabilities (Jun 2012) - Linux

Apache Tomcat is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2013:0226-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0266)

Updated tomcat6 packages that fix multiple security issues are now available for JBoss Enterprise Web Server 2.0.0 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base score...

openSUSE Security Update : tomcat (openSUSE-SU-2012:1701-1)

fix bnc793394 - bypass of security constraints CVE-2012-3546 - tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1377 892 - fix bnc793391 - bypass of CSRF prevention filter CVE-2012-4431 - tomcat-CVE-2012-4431.patch...

SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)

This update of tomcat6 fixes the following security issues : - denial of service. CVE-2012-4534 - tomcat: HTTP NIO connector OOM DoS via a request with large headers. CVE-2012-2733 - tomcat: cnonce tracking weakness. CVE-2012-5885 - tomcat: authentication caching weakness. CVE-2012-5886 - tomcat:...

[USN-1637-1] Tomcat vulnerabilities

========================================================================== Ubuntu Security Notice USN-1637-1 November 21, 2012 tomcat6 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

Ubuntu Update for tomcat6 USN-1637-1

Ubuntu Update for Linux kernel vulnerabilities USN-1637-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16371.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for tomcat6 USN-1637-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

USN-1637-1: Tomcat vulnerabilities

It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. CVE-2012-2733 It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A...

CVE-2012-2733

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service memory consumption via a large amount of head...

CVE-2012-2733

CVE-2012-2733 involves Apache Tomcat’s HTTP NIO connector (java/org/apache/coyote/http11/InternalNioInputBuffer.java). The flaw does not properly restrict the request-header size in Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, allowing remote attackers to trigger memory consumption and cause a...

CVE-2012-2733

Removed by vendor...

CVE-2012-2733

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service memory consumption via a large amount of head...

CVE-2012-2733

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service memory consumption via a large amount of head...

FreeBSD : tomcat -- Denial of Service (4ca26574-2a2c-11e2-99c7-00a0d181e71d)

The Apache Software Foundation reports : The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

Fixed in Apache Tomcat 6.0.36

Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

Fixed in Apache Tomcat 7.0.28

Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

tomcat: security manager restrictions bypass

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

tomcat: security manager restrictions bypass

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)

Check for the Version of tomcat5 OpenVAS Vulnerability Test Mandriva Update for tomcat5 MDVSA-2011:156 tomcat5 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156)

Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x : The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses CVE-2011-1184. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon...